[ 85.024700][ T27] audit: type=1800 audit(1583205577.118:36): pid=11057 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [ 85.786359][ T27] audit: type=1400 audit(1583205577.968:37): avc: denied { watch } for pid=11146 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1 [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.146' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 93.648424][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 93.648440][ T27] audit: type=1400 audit(1583205585.838:42): avc: denied { map } for pid=11247 comm="syz-executor508" path="/root/syz-executor508778263" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 93.657667][T11247] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 93.683040][ T27] audit: type=1400 audit(1583205585.838:43): avc: denied { create } for pid=11247 comm="syz-executor508" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_rdma_socket permissive=1 [ 93.696609][T11247] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 93.714414][ T27] audit: type=1400 audit(1583205585.838:44): avc: denied { write } for pid=11247 comm="syz-executor508" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_rdma_socket permissive=1 [ 93.759408][T11247] netlink: 'syz-executor508': attribute type 1 has an invalid length. [ 93.804731][T11247] 8021q: adding VLAN 0 to HW filter on device bond1 [ 93.843536][T11247] bond1: (slave gretap1): making interface the new active one [ 93.858690][T11247] [ 93.861071][T11247] ====================================================== [ 93.868233][T11247] WARNING: possible circular locking dependency detected [ 93.875261][T11247] 5.6.0-rc3-syzkaller #0 Not tainted [ 93.880540][T11247] ------------------------------------------------------ [ 93.887566][T11247] syz-executor508/11247 is trying to acquire lock: [ 93.894065][T11247] ffffffff8a5d2ee0 (lock#3){+.+.}, at: cma_netdev_callback+0xc6/0x380 [ 93.902239][T11247] [ 93.902239][T11247] but task is already holding lock: [ 93.909609][T11247] ffffffff8a74de80 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x405/0xaf0 [ 93.918041][T11247] [ 93.918041][T11247] which lock already depends on the new lock. [ 93.918041][T11247] [ 93.928561][T11247] [ 93.928561][T11247] the existing dependency chain (in reverse order) is: [ 93.937579][T11247] [ 93.937579][T11247] -> #1 (rtnl_mutex){+.+.}: [ 93.944275][T11247] __mutex_lock+0x156/0x13c0 [ 93.949419][T11247] mutex_lock_nested+0x16/0x20 [ 93.954721][T11247] rtnl_lock+0x17/0x20 [ 93.959347][T11247] siw_create_listen+0x329/0xed0 [ 93.964824][T11247] iw_cm_listen+0x16e/0x1f0 [ 93.969857][T11247] rdma_listen+0x613/0x970 [ 93.974815][T11247] cma_listen_on_dev+0x530/0x6a0 [ 93.980286][T11247] cma_add_one+0x6fe/0xbf0 [ 93.985237][T11247] add_client_context+0x3dd/0x550 [ 93.990796][T11247] enable_device_and_get+0x1df/0x3c0 [ 93.996619][T11247] ib_register_device+0xa89/0xe40 [ 94.002174][T11247] siw_newlink+0xdef/0x1310 [ 94.007205][T11247] nldev_newlink+0x28a/0x430 [ 94.012334][T11247] rdma_nl_rcv+0x5d9/0x980 [ 94.017287][T11247] netlink_unicast+0x59e/0x7e0 [ 94.022587][T11247] netlink_sendmsg+0x91c/0xea0 [ 94.027895][T11247] sock_sendmsg+0xd7/0x130 [ 94.032844][T11247] ____sys_sendmsg+0x753/0x880 [ 94.038169][T11247] ___sys_sendmsg+0x100/0x170 [ 94.043557][T11247] __sys_sendmsg+0x105/0x1d0 [ 94.048686][T11247] __x64_sys_sendmsg+0x78/0xb0 [ 94.054019][T11247] do_syscall_64+0xfa/0x790 [ 94.059059][T11247] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 94.065469][T11247] [ 94.065469][T11247] -> #0 (lock#3){+.+.}: [ 94.072023][T11247] __lock_acquire+0x2596/0x4a00 [ 94.077441][T11247] lock_acquire+0x190/0x410 [ 94.082505][T11247] __mutex_lock+0x156/0x13c0 [ 94.087635][T11247] mutex_lock_nested+0x16/0x20 [ 94.092967][T11247] cma_netdev_callback+0xc6/0x380 [ 94.098529][T11247] notifier_call_chain+0xc2/0x230 [ 94.104109][T11247] raw_notifier_call_chain+0x2e/0x40 [ 94.109926][T11247] call_netdevice_notifiers_info+0xba/0x130 [ 94.116378][T11247] call_netdevice_notifiers+0x79/0xa0 [ 94.122291][T11247] bond_change_active_slave+0x185b/0x2050 [ 94.128546][T11247] bond_select_active_slave+0x276/0xae0 [ 94.134709][T11247] bond_enslave+0x44ef/0x4af0 [ 94.139912][T11247] do_set_master+0x1dd/0x240 [ 94.145029][T11247] __rtnl_newlink+0x13a3/0x1790 [ 94.150411][T11247] rtnl_newlink+0x69/0xa0 [ 94.155265][T11247] rtnetlink_rcv_msg+0x45e/0xaf0 [ 94.160732][T11247] netlink_rcv_skb+0x177/0x450 [ 94.166024][T11247] rtnetlink_rcv+0x1d/0x30 [ 94.170969][T11247] netlink_unicast+0x59e/0x7e0 [ 94.176257][T11247] netlink_sendmsg+0x91c/0xea0 [ 94.181545][T11247] sock_sendmsg+0xd7/0x130 [ 94.186517][T11247] ____sys_sendmsg+0x753/0x880 [ 94.191814][T11247] ___sys_sendmsg+0x100/0x170 [ 94.197039][T11247] __sys_sendmsg+0x105/0x1d0 [ 94.202164][T11247] __x64_sys_sendmsg+0x78/0xb0 [ 94.207489][T11247] do_syscall_64+0xfa/0x790 [ 94.212527][T11247] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 94.218940][T11247] [ 94.218940][T11247] other info that might help us debug this: [ 94.218940][T11247] [ 94.229176][T11247] Possible unsafe locking scenario: [ 94.229176][T11247] [ 94.236742][T11247] CPU0 CPU1 [ 94.242138][T11247] ---- ---- [ 94.247505][T11247] lock(rtnl_mutex); [ 94.251508][T11247] lock(lock#3); [ 94.257661][T11247] lock(rtnl_mutex); [ 94.264161][T11247] lock(lock#3); [ 94.267804][T11247] [ 94.267804][T11247] *** DEADLOCK *** [ 94.267804][T11247] [ 94.275961][T11247] 1 lock held by syz-executor508/11247: [ 94.281503][T11247] #0: ffffffff8a74de80 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x405/0xaf0 [ 94.290383][T11247] [ 94.290383][T11247] stack backtrace: [ 94.296285][T11247] CPU: 0 PID: 11247 Comm: syz-executor508 Not tainted 5.6.0-rc3-syzkaller #0 [ 94.305147][T11247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 94.315308][T11247] Call Trace: [ 94.318605][T11247] dump_stack+0x197/0x210 [ 94.322948][T11247] print_circular_bug.isra.0.cold+0x163/0x172 [ 94.329036][T11247] check_noncircular+0x32e/0x3e0 [ 94.333980][T11247] ? print_circular_bug.isra.0+0x230/0x230 [ 94.339798][T11247] ? alloc_list_entry+0xc0/0xc0 [ 94.344660][T11247] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 94.350911][T11247] ? find_first_zero_bit+0x9a/0xc0 [ 94.356032][T11247] __lock_acquire+0x2596/0x4a00 [ 94.360904][T11247] ? mark_held_locks+0xf0/0xf0 [ 94.365678][T11247] lock_acquire+0x190/0x410 [ 94.370193][T11247] ? cma_netdev_callback+0xc6/0x380 [ 94.375411][T11247] __mutex_lock+0x156/0x13c0 [ 94.380016][T11247] ? cma_netdev_callback+0xc6/0x380 [ 94.385232][T11247] ? cfg80211_netdev_notifier_call+0x186/0x17bb [ 94.391490][T11247] ? queue_work_on+0xef/0x210 [ 94.396180][T11247] ? cma_netdev_callback+0xc6/0x380 [ 94.401399][T11247] ? cfg80211_init_wdev+0x500/0x500 [ 94.406614][T11247] ? mutex_trylock+0x2d0/0x2d0 [ 94.411415][T11247] ? __kasan_check_read+0x11/0x20 [ 94.416465][T11247] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 94.422379][T11247] ? tun_device_event+0x76/0x10e0 [ 94.427424][T11247] mutex_lock_nested+0x16/0x20 [ 94.432207][T11247] ? mutex_lock_nested+0x16/0x20 [ 94.437154][T11247] cma_netdev_callback+0xc6/0x380 [ 94.442192][T11247] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 94.448105][T11247] notifier_call_chain+0xc2/0x230 [ 94.453149][T11247] raw_notifier_call_chain+0x2e/0x40 [ 94.458454][T11247] call_netdevice_notifiers_info+0xba/0x130 [ 94.464388][T11247] call_netdevice_notifiers+0x79/0xa0 [ 94.469783][T11247] ? call_netdevice_notifiers_info+0x130/0x130 [ 94.475955][T11247] ? __kasan_check_read+0x11/0x20 [ 94.481001][T11247] ? bond_should_notify_peers+0x1f0/0x400 [ 94.486740][T11247] bond_change_active_slave+0x185b/0x2050 [ 94.492479][T11247] ? lockdep_hardirqs_on+0x421/0x5e0 [ 94.497784][T11247] ? bond_slave_link_status+0x70/0x70 [ 94.503179][T11247] bond_select_active_slave+0x276/0xae0 [ 94.508774][T11247] ? bond_change_active_slave+0x2050/0x2050 [ 94.514777][T11247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.521045][T11247] bond_enslave+0x44ef/0x4af0 [ 94.525766][T11247] ? bond_update_slave_arr+0x880/0x880 [ 94.531373][T11247] ? rtmsg_ifinfo+0x61/0xa0 [ 94.535895][T11247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.542154][T11247] ? __dev_notify_flags+0x183/0x2c0 [ 94.547375][T11247] ? dev_change_name+0x930/0x930 [ 94.552356][T11247] ? alloc_netdev_mqs+0xa78/0xe40 [ 94.557427][T11247] ? __kasan_check_read+0x11/0x20 [ 94.562468][T11247] ? mutex_is_locked+0x12/0x50 [ 94.567285][T11247] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 94.573055][T11247] ? bond_update_slave_arr+0x880/0x880 [ 94.578543][T11247] do_set_master+0x1dd/0x240 [ 94.583150][T11247] __rtnl_newlink+0x13a3/0x1790 [ 94.588027][T11247] ? lock_downgrade+0x920/0x920 [ 94.592907][T11247] ? rtnl_link_unregister+0x250/0x250 [ 94.598300][T11247] ? is_bpf_image_address+0x1da/0x290 [ 94.603709][T11247] ? __kernel_text_address+0xd/0x40 [ 94.608923][T11247] ? unwind_get_return_address+0x61/0xa0 [ 94.614565][T11247] ? profile_setup.cold+0xbb/0xbb [ 94.619605][T11247] ? arch_stack_walk+0x97/0xf0 [ 94.624394][T11247] ? stack_trace_save+0x8f/0xc0 [ 94.629285][T11247] ? stack_trace_consume_entry+0x170/0x170 [ 94.635139][T11247] ? save_stack+0x5c/0x90 [ 94.639477][T11247] ? save_stack+0x23/0x90 [ 94.643819][T11247] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 94.649662][T11247] ? rtnl_newlink+0x4b/0xa0 [ 94.654305][T11247] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 94.659900][T11247] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 94.665931][T11247] rtnl_newlink+0x69/0xa0 [ 94.670278][T11247] ? __rtnl_newlink+0x1790/0x1790 [ 94.675318][T11247] rtnetlink_rcv_msg+0x45e/0xaf0 [ 94.680275][T11247] ? rtnl_bridge_getlink+0x910/0x910 [ 94.685595][T11247] ? lock_downgrade+0x920/0x920 [ 94.690471][T11247] ? netlink_deliver_tap+0x226/0xbf0 [ 94.695776][T11247] ? find_held_lock+0x35/0x130 [ 94.700558][T11247] netlink_rcv_skb+0x177/0x450 [ 94.705330][T11247] ? rtnl_bridge_getlink+0x910/0x910 [ 94.710655][T11247] ? netlink_ack+0xb50/0xb50 [ 94.715278][T11247] ? __kasan_check_read+0x11/0x20 [ 94.720326][T11247] ? netlink_deliver_tap+0x248/0xbf0 [ 94.725628][T11247] rtnetlink_rcv+0x1d/0x30 [ 94.730060][T11247] netlink_unicast+0x59e/0x7e0 [ 94.734862][T11247] ? netlink_attachskb+0x870/0x870 [ 94.739999][T11247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.746260][T11247] netlink_sendmsg+0x91c/0xea0 [ 94.751043][T11247] ? netlink_unicast+0x7e0/0x7e0 [ 94.756000][T11247] ? tomoyo_socket_sendmsg+0x26/0x30 [ 94.761308][T11247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.767603][T11247] ? security_socket_sendmsg+0x8d/0xc0 [ 94.773084][T11247] ? netlink_unicast+0x7e0/0x7e0 [ 94.778042][T11247] sock_sendmsg+0xd7/0x130 [ 94.782483][T11247] ____sys_sendmsg+0x753/0x880 [ 94.787294][T11247] ? kernel_sendmsg+0x50/0x50 [ 94.791997][T11247] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 94.797602][T11247] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 94.803637][T11247] ___sys_sendmsg+0x100/0x170 [ 94.808334][T11247] ? sendmsg_copy_msghdr+0x70/0x70 [ 94.813467][T11247] ? __kasan_check_read+0x11/0x20 [ 94.818511][T11247] ? __lock_acquire+0x8a0/0x4a00 [ 94.823480][T11247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.829876][T11247] ? __this_cpu_preempt_check+0x35/0x190 [ 94.835571][T11247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.841834][T11247] ? percpu_counter_add_batch+0x13c/0x190 [ 94.847577][T11247] ? __fd_install+0x1bc/0x640 [ 94.852301][T11247] ? find_held_lock+0x35/0x130 [ 94.857185][T11247] ? __fd_install+0x1bc/0x640 [ 94.861910][T11247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 94.868174][T11247] ? __fget_light+0x1ad/0x270 [ 94.872986][T11247] ? __fdget+0x1b/0x20 [ 94.877084][T11247] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 94.883409][T11247] __sys_sendmsg+0x105/0x1d0 [ 94.888055][T11247] ? __sys_sendmsg_sock+0xc0/0xc0 [ 94.893099][T11247] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 94.899101][T11247] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 94.904574][T11247] ? do_syscall_64+0x26/0x790 [ 94.909265][T11247] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 94.915347][T11247] ? do_syscall_64+0x26/0x790 [ 94.920043][T11247] __x64_sys_sendmsg+0x78/0xb0 [ 94.924839][T11247] do_syscall_64+0xfa/0x790 [ 94.929399][T11247] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 94.935302][T11247] RIP: 0033:0x440509 [ 94.939214][T11247] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 94.958824][T11247] RSP: 002b:00007ffd73fe16d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 94.967247][T11247] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440509 [ 94.975229][T11247] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004 [ 94.983217][T11247] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 94.991202][T11247] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401d90 [ 94.999197][T11247] R13: 0000000000401e20 R14: 0000000000000000 R15: 0000000000000000